Government websites are not particularly good at detecting bots. Neither are other websites.
Those are the conclusions of a report by Distil Networks, an online security firm that specializes in automated programs called bots.
{mosads}The study, which looked at around a thousand top websites, including the top 50 federal sites, found that 30 percent of government sites were unable to detect bot attacks that made no attempt to disguise themselves.
Seventy percent of the government sites successfully defended against themselves against the attacks, which is in line with most industry results. Different sectors scored between 64 percent and 75 percent.
Bots range from legitimate tools to dangerous intruders. Some bots do little more than check websites for changes, but others scour websites for unprotected data, sign up fake accounts to post spam to comment boards and forums, or guess passwords to user accounts.
An attack on the Internal Revenue Service this year used bots to steal 100,000 PINs.
The Distil study also found detection levels of more complicated bots were far lower.
Only 7 percent of government sites could catch bots that disguised themselves as web browser traffic, and none of the sites could catch more complex bots.